October is the #cybersecurity awareness month - take a few minutes to reflect on what you can do to improve cybersecurity for your business.
At the final sprint of the month, focus is on making security a priority - for the whole organization.
For businesses, this means adding security into products and processes and to equip organizations with the correct tools.
Download our free checklist Adding Security into Products and Processes (PDF)
October is a busy month - therefore we’ve compiled a cheat sheet with a short checklist of security measures. Download the PDF and read it through on the run - time well spent in preventing your organization from getting attacked.
The best practices in the PDF are described in more detail below:
- Prevent unwanted dependencies from getting in to your organization
- Automate monitoring for vulnerable & malicious components
- Keep components up to date - across all applications
1. Prevent unwanted dependencies from getting in to your organization
The number of cyberattacks are increasing. A popular approach for attackers is to take over a popular component, inject malicious code and let companies get compromised through their supply chain.
A recent example is the ua-parser-js attack which installed malware, something many companies could have avoided with the right tooling.
Once hackers manage to take over dependencies, their success rate is unfortunately high.
We want to create awareness that there are solutions to avoid these type of attacks by preventing unwanted bad packages from getting into your organization.
2. Automate monitoring for vulnerable & malicious components
Manually keeping track of your applications’ dependencies is practically impossible. Remove manual/semi-manual processes and stop relying on key individuals to check components for problems.
There’s a saying that a fool with a tool is still a fool. But in this case, with the right tooling you’re able to add corporate-level security regardless of seniority in your team.
3. Keep components up to date - across all applications
The nonprofit organization OWASP lists outdated and vulnerable components as one of their Top 10 Web Application Security Risks that companies and developers should focus on. At Bytesafe we researched Nordic Financial Institutions and found that 4 out of 5 use outdated and vulnerable components.
If you are unaware of what components you use and their state, then you are likely vulnerable.
Stay in control of your dependencies and use a patch management process to keep components up to date - and avoid attacks exploiting dependencies.
We are here to help
If you need any help or guidance contact me at firstname.lastname@example.org.
Feel free to share/repost.